xref: /freebsd/contrib/sendmail/README (revision 38f0b757fd84d17d0fc24739a7cda160c4516d81)
1
2			SENDMAIL RELEASE 8
3
4This directory has the latest sendmail(TM) software from Proofpoint, Inc.
5
6Report any bugs to sendmail-bugs-YYYY@support.sendmail.org
7where YYYY is the current year, e.g., 2005.
8
9There is a web site at http://www.sendmail.org/ -- see that site for
10the latest updates.
11
12+--------------+
13| INTRODUCTION |
14+--------------+
15
160. The vast majority of queries about sendmail are answered in the
17   README files noted below.
18
191. Read this README file, especially this introduction, and the DIRECTORY
20   PERMISSIONS sections.
21
222. Read the INSTALL file in this directory.
23
243. Read sendmail/README, especially:
25   a. the introduction
26   b. the BUILDING SENDMAIL section
27   c. the relevant part(s) of the OPERATING SYSTEM AND COMPILE QUIRKS section
28
29   You may also find these useful:
30
31   d. sendmail/SECURITY
32   e. devtools/README
33   f. devtools/Site/README
34   g. libmilter/README
35   h. mail.local/README
36   i. smrsh/README
37
384. Read cf/README.
39
40Sendmail is a trademark of Proofpoint, Inc.
41US Patent Numbers 6865671, 6986037.
42
43+-----------------------+
44| DIRECTORY PERMISSIONS |
45+-----------------------+
46
47Sendmail often gets blamed for many problems that are actually the
48result of other problems, such as overly permissive modes on directories.
49For this reason, sendmail checks the modes on system directories and
50files to determine if they can be trusted.  For sendmail to run without
51complaining, you MUST execute the following command:
52
53	chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
54	chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
55
56You will probably have to tweak this for your environment (for example,
57some systems put the spool directory into /usr/spool instead of
58/var/spool).  If you set the RunAsUser option in your sendmail.cf, the
59/var/spool/mqueue directory will have to be owned by the RunAsUser user.
60As a general rule, after you have compiled sendmail, run the command
61
62	sendmail -v -bi
63
64to initialize the alias database.  If it gives messages such as
65
66	WARNING: writable directory /etc
67	WARNING: writable directory /var/spool/mqueue
68
69then the directories listed have inappropriate write permissions and
70should be secured to avoid various possible security attacks.
71
72Beginning with sendmail 8.9, these checks have become more strict to
73prevent users from being able to access files they would normally not
74be able to read.  In particular, .forward and :include: files in unsafe
75directory paths (directory paths which are group or world writable) will
76no longer be allowed.  This would mean that if user joe's home directory
77was writable by group staff, sendmail would not use his .forward file.
78This behavior can be altered, at the expense of system security, by
79setting the DontBlameSendmail option.  For example, to allow .forward
80files in group writable directories:
81
82	O DontBlameSendmail=forwardfileingroupwritabledirpath
83
84Or to allow them in both group and world writable directories:
85
86	O DontBlameSendmail=forwardfileinunsafedirpath
87
88Items from these unsafe .forward and :include: files will be marked
89as unsafe addresses -- the items can not be deliveries to files or
90programs.  This behavior can also be altered via DontBlameSendmail:
91
92	O DontBlameSendmail=forwardfileinunsafedirpath,
93		forwardfileinunsafedirpathsafe
94
95The first flag allows the .forward file to be read, the second allows
96the items in the file to be marked as safe for file and program
97delivery.
98
99Other files affected by this strengthened security include class
100files (i.e., Fw /etc/mail/local-host-names), persistent host status files,
101and the files specified by the ErrorHeader and HelpFile options.  Similar
102DontBlameSendmail flags are available for the class, ErrorHeader, and
103HelpFile files.
104
105If you have an unsafe configuration of .forward and :include:
106files, you can make it safe by finding all such files, and doing
107a "chmod go-w $FILE" on each.  Also, do a "chmod go-w $DIR" for
108each directory in the file's path.
109
110
111+--------------------------+
112| FILE AND MAP PERMISSIONS |
113+--------------------------+
114
115Any application which uses either flock() or fcntl() style locking or
116other APIs that use one of these locking methods (such as open() with
117O_EXLOCK and O_SHLOCK) on files readable by other local untrusted users
118may be susceptible to local denial of service attacks.
119
120File locking is used throughout sendmail for a variety of files
121including aliases, maps, statistics, and the pid file.  Any user who
122can open one of these files can prevent sendmail or it's associated
123utilities, e.g., makemap or newaliases, from operating properly.  This
124can also affect sendmail's ability to update status files such as
125statistics files.  For system which use flock() for file locking, a
126user's ability to obtain an exclusive lock prevents other sendmail
127processes from reading certain files such as alias or map databases.
128
129A workaround for this problem is to protect all sendmail files such
130that they can't be opened by untrusted users.  As long as users can
131not open a file, they can not lock it.  Since queue files should
132already have restricted permissions, the only files that need
133adjustment are alias, map, statistics, and pid files.  These files
134should be owned by root or the trusted user specified in the
135TrustedUser option.  Changing the permissions to be only readable and
136writable by that user is sufficient to avoid the denial of service.
137For example, depending on the paths you use, these commands would be
138used:
139
140	chmod 0640 /etc/mail/aliases /etc/mail/aliases.{db,pag,dir}
141	chmod 0640 /etc/mail/*.{db,pag,dir}
142	chmod 0640 /etc/mail/statistics /var/log/sendmail.st
143	chmod 0600 /var/run/sendmail.pid /etc/mail/sendmail.pid
144
145If the permissions 0640 are used, be sure that only trusted users belong
146to the group assigned to those files.  Otherwise, files should not even
147be group readable.  As of sendmail 8.12.4, the permissions shown above
148are the default permissions for newly created files.
149
150Note that the denial of service on the plain text aliases file
151(/etc/mail/aliases) only prevents newaliases from rebuilding the
152aliases file.  The same is true for the database files on systems which
153use fcntl() style locking.  Since it does not interfere with normal
154operations, sites may chose to leave these files readable.  Also, it is
155not necessary to protect the text files associated with map databases
156as makemap does not lock those files.
157
158
159+-----------------------+
160| RELATED DOCUMENTATION |
161+-----------------------+
162
163There are other files you should read.  Rooted in this directory are:
164
165  FAQ
166	The FAQ (frequently answered questions) is no longer maintained
167	with the sendmail release.  It is available at
168	http://www.sendmail.org/faq/ .  The file FAQ is a reminder of
169	this and a pointer to the web page.
170  INSTALL
171	Installation instructions for building and installing sendmail.
172  KNOWNBUGS
173	Known bugs in the current release.
174  RELEASE_NOTES
175	A detailed description of the changes in each version.  This
176	is quite long, but informative.
177  sendmail/README
178	Details on compiling and installing sendmail.
179  cf/README
180	Details on configuring sendmail.
181  doc/op/op.me
182	The sendmail Installation & Operations Guide.  In addition
183	to the shipped PostScript version, plain text and PDF versions
184	can be generating using (assuming the required conversion software
185	is installed on your system, see doc/op/Makefile):
186
187	cd doc/op && make op.txt op.pdf
188
189	Be warned: on some systems calling make in doc/op/ will cause
190	errors due to nroff/groff problems.  Known problems are:
191	- running this off on systems with an old version of -me, you
192	need to add the following macro to the macros:
193
194		.de sm
195		\s-1\\$1\\s0\\$2
196		..
197
198	This sets a word in a smaller pointsize.
199
200	- with new groff versions (1.18 seems affected)
201
202	GROFF_NO_SGR=1
203
204	needs to be set, e.g., in doc/op/Makefile:
205
206	ROFF_CMD=	GROFF_NO_SGR=1 groff
207
208
209+--------------+
210| RELATED RFCS |
211+--------------+
212
213There are several related RFCs that you may wish to read -- they are
214available via anonymous FTP to several sites.  For a list of the
215primary repositories see:
216
217	http://www.isi.edu/in-notes/rfc-retrieval.txt
218
219They are also online at:
220
221	http://www.ietf.org/
222
223They can also be retrieved via electronic mail by sending
224email to one of:
225
226	mail-server@nisc.sri.com
227		Put "send rfcNNN" in message body
228	nis-info@nis.nsf.net
229		Put "send RFCnnn.TXT-1" in message body
230	sendrfc@jvnc.net
231		Put "RFCnnn" as Subject: line
232
233For further instructions see:
234
235	http://www.isi.edu/in-notes/rfc-editor/rfc-info
236
237Important RFCs for electronic mail are:
238
239	RFC821	SMTP protocol
240	RFC822	Mail header format
241	RFC974	MX routing
242	RFC976	UUCP mail format
243	RFC1123	Host requirements (modifies 821, 822, and 974)
244	RFC1344	Implications of MIME for Internet Mail Gateways
245	RFC1413	Identification server
246	RFC1428	Transition of Internet Mail from Just-Send-8 to
247		8-bit SMTP/MIME
248	RFC1652	SMTP Service Extension for 8bit-MIMEtransport
249	RFC1869	SMTP Service Extensions (ESMTP spec)
250	RFC1870	SMTP Service Extension for Message Size Declaration
251	RFC1891	SMTP Service Extension for Delivery Status Notifications
252	RFC1892	Multipart/Report Content Type for the Reporting of
253		Mail System Administrative Messages
254	RFC1893	Enhanced Mail System Status Codes
255	RFC1894	An Extensible Message Format for Delivery Status
256		Notifications
257	RFC1985	SMTP Service Extension for Remote Message Queue Starting
258	RFC2033 Local Mail Transfer Protocol (LMTP)
259	RFC2034 SMTP Service Extension for Returning Enhanced Error Codes
260	RFC2045	Multipurpose Internet Mail Extensions (MIME) Part One:
261		Format of Internet Message Bodies
262	RFC2476 Message Submission
263	RFC2487 SMTP Service Extension for Secure SMTP over TLS
264	RFC2554 SMTP Service Extension for Authentication
265	RFC2821 Simple Mail Transfer Protocol
266	RFC2822 Internet Message Format
267	RFC2852 Deliver By SMTP Service Extension
268	RFC2920 SMTP Service Extension for Command Pipelining
269
270Other standards that may be of interest (but which are less directly
271relevant to sendmail) are:
272
273	RFC987	Mapping between RFC822 and X.400
274	RFC1049	Content-Type header field (extension to RFC822)
275
276Warning to AIX users: this version of sendmail does not implement
277MB, MR, or MG DNS resource records, as defined (as experiments) in
278RFC1035.
279
280
281+---------+
282| WARNING |
283+---------+
284
285Since sendmail 8.11 and later includes hooks to cryptography, the
286following information from OpenSSL applies to sendmail as well.
287
288PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY
289SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING
290TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME
291PARTS OF THE WORLD.  SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR
292COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL
293SUGGESTIONS OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE
294YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT
295AND/OR USE LAWS WHICH APPLY TO YOU.  THE AUTHORS ARE NOT LIABLE FOR
296ANY VIOLATIONS YOU MAKE HERE.  SO BE CAREFUL, IT IS YOUR RESPONSIBILITY.
297
298If you use OpenSSL then make sure you read their README file which
299contains information about patents etc.
300
301
302+-------------------+
303| DATABASE ROUTINES |
304+-------------------+
305
306IF YOU WANT TO RUN THE NEW BERKELEY DB SOFTWARE:  ****  DO NOT  ****
307use the version that was on the Net2 tape -- it has a number of
308nefarious bugs that were bad enough when I got them; you shouldn't have
309to go through the same thing.  Instead, get a new version via the web at
310http://www.sleepycat.com/.  This software is highly recommended; it gets
311rid of several stupid limits, it's much faster, and the interface is
312nicer to animals and plants.  If the Berkeley DB include files
313are installed in a location other than those which your compiler searches,
314you will need to provide that directory when building:
315
316	./Build -I/path/to/include/directory
317
318If you are using Berkeley DB versions 1.85 or 1.86, you are *strongly*
319urged to upgrade to DB version 2 or later, available from
320http://www.sleepycat.com/.  Berkeley DB versions 1.85 and 1.86 are known to
321be broken in various nasty ways (see http://www.sleepycat.com/db.185.html),
322and can cause sendmail to dump core.  In addition, the newest versions of
323gcc and the Solaris compilers perform optimizations in those versions that
324may cause fairly random core dumps.
325
326If you have no choice but to use Berkeley DB 1.85 or 1.86, and you are
327using both Berkeley DB and files in the UNIX ndbm format, remove ndbm.h
328and ndbm.o from the DB library after building it.  You should also apply
329all of the patches for DB 1.85 and 1.86 found at the Sleepycat web site
330(see http://www.sleepycat.com/db.185.html), as they fix some of the known
331problems.
332
333If you are using a version of Berkeley DB 2 previous to 2.3.15, and you
334are using both Berkeley DB and files in the UNIX ndbm format, remove dbm.o
335from the DB library after building it.  No other changes are necessary.
336
337If you are using Berkeley DB version 2.3.15 or greater, no changes are
338necessary.
339
340The underlying database file formats changed between Berkeley DB versions
3411.85 and 1.86, again between DB 1.86 and version 2.0, and finally between
342DB 2.X and 3.X.  If you are upgrading from one of those versions, you must
343recreate your database file(s).  Do this by rebuilding all maps with
344makemap and rebuilding the alias file with newaliases.
345
346
347+--------------------+
348| HOST NAME SERVICES |
349+--------------------+
350
351If you are using NIS or /etc/hosts, it is critical that you
352list the long (fully qualified) name somewhere (preferably first) in
353the /etc/hosts file used to build the NIS database.  For example, the
354line should read
355
356	128.32.149.68   mastodon.CS.Berkeley.EDU mastodon
357
358**** NOT ****
359
360	128.32.149.68   mastodon
361
362If you do not include the long name, sendmail will complain loudly
363about ``unable to qualify my own domain name (mastodon) -- using
364short name'' and conclude that your canonical name is the short
365version and use that in messages.  The name "mastodon" doesn't mean
366much outside of Berkeley, and so this creates incorrect and unreplyable
367messages.
368
369
370+-------------+
371| USE WITH MH |
372+-------------+
373
374This version of sendmail notices and reports certain kinds of SMTP
375protocol violations that were ignored by older versions.  If you
376are running MH you may wish to install the patch in contrib/mh.patch
377that will prevent these warning reports.  This patch also works
378with the old version of sendmail, so it's safe to go ahead and
379install it.
380
381
382+----------------+
383| USE WITH IDENT |
384+----------------+
385
386Sendmail 8 supports the IDENT protocol, as defined by RFC 1413.
387Note that the RFC states a client should wait at least 30 seconds
388for a response.  As of 8.10.0, the default Timeout.ident is 5 seconds
389as many sites have adopted the practice of dropping IDENT queries.
390This has lead to delays processing mail.
391
392No ident server is included with this distribution.  It is available
393from:
394
395  ftp://ftp.lysator.liu.se/pub/ident/servers/
396  http://sf.www.lysator.liu.se/~pen/pidentd/
397
398+-------------------------+
399| INTEROPERATION PROBLEMS |
400+-------------------------+
401
402Microsoft Exchange Server 5.0
403	We have had a report that ``about 7% of messages from Sendmail
404	to Exchange were not being delivered with status messages of
405	"connection reset" and "I/O error".''  Upgrading Exchange from
406	Version 5.0 to Version 5.5 Service Pack 2 solved this problem.
407
408CommuniGate Pro
409	CommuniGate Pro 3.2.4 does not accept the AUTH= -parameter on
410	the MAIL FROM command if the client is not authenticated.  Use
411
412		define(`confAUTH_OPTIONS', `A')
413
414	in .mc file if you have compiled sendmail with Cyrus SASL
415	and you communicate with CommuniGate Pro servers.
416
417+---------------------+
418| DIRECTORY STRUCTURE |
419+---------------------+
420
421The structure of this directory tree is:
422
423cf		Source for sendmail configuration files.  These are
424		different than what you've seen before.  They are a
425		fairly dramatic rewrite, requiring the new sendmail
426		(since they use new features).
427contrib		Some contributed tools to help with sendmail.  THESE
428		ARE NOT SUPPORTED by sendmail -- contact the original
429		authors if you have problems.  (This directory is not
430		on the 4.4BSD tape.)
431devtools	Build environment.  See devtools/README.
432doc		Documentation.  If you are getting source, read
433		op.me -- it's long, but worth it.
434editmap		A program to edit and query maps that have been created
435		with makemap, e.g., adding and deleting entries.
436include		Include files used by multiple programs in the distribution.
437libsmdb		sendmail database library with support for Berkeley DB 1.X,
438		Berkeley DB 2.X, Berkeley DB 3.X, and NDBM.
439libsmutil	sendmail utility library with functions used by different
440		programs.
441mail.local	The source for the local delivery agent used for 4.4BSD.
442		THIS IS NOT PART OF SENDMAIL! and may not compile
443		everywhere, since it depends on some 4.4-isms.  Warning:
444		it does mailbox locking differently than other systems.
445mailstats	Statistics printing program.
446makemap		A program that creates the keyed maps used by the $( ... $)
447		construct in sendmail.  It is primitive but effective.
448		It takes a very simple input format, so you will probably
449		expect to preprocess must human-convenient formats
450		using sed scripts before this program will like them.
451		But it should be functionally complete.
452praliases	A program to print the DBM or NEWDB version of the
453		aliases file.
454rmail		Source for rmail(8).  This is used as a delivery
455		agent for for UUCP, and could presumably be used by
456		other non-socket oriented mailers.  Older versions of
457		rmail are probably deficient.  RMAIL IS NOT PART OF
458		SENDMAIL!!!  The 4.4BSD source is included for you to
459		look at or try to port to your system.  There is no
460		guarantee it will even compile on your operating system.
461smrsh		The "sendmail restricted shell", which can be used as
462		a replacement for /bin/sh in the prog mailer to provide
463		increased security control.  NOT PART OF SENDMAIL!
464sendmail	Source for the sendmail program itself.
465test		Some test scripts (currently only for compilation aids).
466vacation	Source for the vacation program.  NOT PART OF SENDMAIL!
467
468$Revision: 8.96 $, Last updated $Date: 2013/11/22 20:51:01 $
469